Analysis by security researchers at anti-virus firm Avast has revealed that hackers appear to be using weak passwords just like everyone else. Using a sample of nearly 40,000 passwords collected from years of analyzing malware, Avast’s Antonín Hýža found that only 10 percent of passwords were "beyond normal capabilities of guessing or cracking." The rest provide some interesting statistics around hackers’ password choices. Almost none of the unique passwords from the samples contained uppercase characters, despite regular warnings by security experts to use a mix of upper- and lowercase characters for passwords.
Most use English words, and common phrases include variations of pass, root, and hax. The most frequently used word is hack, an apt choice given the subject. Surprisingly, the average password length was just six characters, and only 52 passwords were longer than 12 characters. Hackers could be using simple passwords because they don’t fear being attacked by fellow hackers, or simply to avoid using their real passwords for malware activities. Either way, hackers clearly aren’t always as security-conscious as you might assume.